moltbot-scan 0.1.0 → 0.3.0

package/README.md

@@ -7,12 +7,17 @@ A lightweight TypeScript SDK that scans incoming messages and returns structured
 ## Features
 
 - **Two-layer detection** — fast regex rules (<10ms) + optional LLM deep analysis
-- **4 threat categories** — prompt injection, credential theft, covert execution, social engineering
+- **6 threat categories** — prompt injection, credential theft, covert execution, social engineering, obfuscated encoding, malicious URIs
+- **Deep base64 scanning** — multi-layer decode (up to 3 levels) with full pattern matching on decoded content
+- **Encoding obfuscation detection** — hex (`\x65`), unicode (`\u0065`), HTML entities (`&#101;`), URL encoding (`%65`)
+- **Malicious URI detection** — `javascript:`, `data:`, `vbscript:` schemes, short URL services, path traversal
+- **QR code injection scanning** — decodes QR codes from PNG/JPEG images and scans content for threats
 - **Risk levels** — `HIGH` / `MEDIUM` / `LOW` / `SAFE` with numeric score (0-100)
 - **Express middleware** — one-line integration, auto-blocks dangerous messages
 - **Framework-agnostic handler** — works with any Node.js server
 - **Zero required dependencies** — LLM analysis is opt-in via `ANTHROPIC_API_KEY`
 - **Full TypeScript support** — ships with declaration files
+- **Local file scanning** — `scan-files` command audits skill repos, prompt libraries, and codebases for threats (including image QR codes)
 
 ## Real-World Results
 
@@ -83,7 +88,9 @@ console.log(result)
 //     covertExecution: false,
 //     socialEngineering: false,
 //     suspiciousLinks: false,
-//     base64Hidden: false
+//     maliciousUri: false,
+//     base64Hidden: false,
+//     obfuscatedEncoding: false
 //   },
 //   findings: [
 //     { severity: 'HIGH', category: 'direct_injection', ... },
@@ -156,7 +163,63 @@ if (llm.isAvailable) {
 }
 
 // Access all pattern rules
-console.log(ALL_PATTERNS.length) // 16 rules
+console.log(ALL_PATTERNS.length) // 20 rules
+```
+
+### CLI: Scan Local Files
+
+Scan any directory or file for prompt injection, credential theft, covert execution, and obfuscation threats — including QR codes in images:
+
+```bash
+# Basic scan
+agentshield scan-files ./my-skills-repo
+
+# Verbose output with file:line references
+agentshield scan-files ./prompts -v
+
+# JSON output (for CI/CD pipelines)
+agentshield scan-files ./src --output json
+
+# Save HTML report
+agentshield scan-files ./agents --output html --save report.html
+
+# Filter by file type
+agentshield scan-files ./repo --include .md,.py,.yaml
+
+# Exclude directories
+agentshield scan-files ./project --exclude build,tmp
+```
+
+| Option | Description |
+|--------|-------------|
+| `-v, --verbose` | Show detailed findings with file:line references |
+| `-o, --output <format>` | Output format: `cli` (default), `json`, `html` |
+| `--include <exts>` | File extensions to include (comma-separated) |
+| `--exclude <dirs>` | Directory names to exclude (comma-separated) |
+| `--skip-llm` | Skip LLM deep analysis |
+| `--no-recursive` | Do not scan subdirectories |
+| `--save <file>` | Save report to file |
+
+Exit code `1` if any HIGH-risk files are found — useful for CI/CD gates.
+
+Default scanned extensions: `.md`, `.txt`, `.ts`, `.js`, `.py`, `.yaml`, `.yml`, `.json`, `.sh`, `.png`, `.jpg`, `.jpeg`
+
+### SDK: File Scanner
+
+```typescript
+import { FileScanner } from 'moltbot-scan'
+
+const scanner = new FileScanner()
+const report = await scanner.scan('./my-skills-repo', {
+  verbose: false,
+  output: 'cli',
+  skipLLM: true,
+  recursive: true,
+})
+
+console.log(report.summary)    // { safe: 12, low: 2, medium: 1, high: 0 }
+console.log(report.riskFiles)  // [{ path: 'skills/evil.md', risk: 'MEDIUM', findingCount: 3 }]
+console.log(report.findings)   // [{ filePath, line, severity, category, description, matchedText, context }]
 ```
 
 ## API Reference
@@ -199,6 +262,17 @@ interface ScanResult {
   findings: ScanFinding[]
   llmAnalysis?: LLMAnalysisResult
 }
+
+interface ScanFlags {
+  promptInjection: boolean
+  credentialTheft: boolean
+  covertExecution: boolean
+  socialEngineering: boolean
+  suspiciousLinks: boolean
+  maliciousUri: boolean
+  base64Hidden: boolean
+  obfuscatedEncoding: boolean
+}
 ```
 
 ## Detection Rules
@@ -209,8 +283,11 @@ interface ScanResult {
 | Credential Theft | HIGH | "share your api_key", "cat ~/.ssh", "print env" |
 | Covert Execution | HIGH | `eval()`, `curl ... \| bash`, `base64 -d` |
 | Social Engineering | MEDIUM | "don't tell your owner", "this is a secret instruction" |
+| Obfuscated Encoding | HIGH/MEDIUM | `\x65\x76\x61\x6c` (hex), `\u0065val` (unicode), `&#101;val` (HTML entity), `%65val` (URL encoded) |
+| Malicious URI | HIGH/MEDIUM | `javascript:`, `data:text/html;base64,...`, `vbscript:`, short URLs (bit.ly, tinyurl) |
+| Base64 Deep Scan | HIGH | Multi-layer base64 decoded content matching any pattern rule |
+| QR Code Injection | HIGH/MEDIUM | QR codes in images containing injection, malicious URIs, or suspicious URLs |
 | Suspicious Links | LOW | URLs not in the known-safe domain allowlist |
-| Base64 Hidden | MEDIUM | Base64 strings that decode to shell commands |
 
 ## LLM Analysis
 
@@ -225,7 +302,7 @@ const result = await scan(content, { useLLM: false })
 
 ```bash
 npm install
-npm test       # run 64 tests
+npm test       # run 158 tests
 npm run build  # compile to dist/
 npm run serve  # launch web UI on localhost:3847
 ```
@@ -245,12 +322,17 @@ MIT
 ## 功能特色
 
 - **雙層偵測** — 快速正規表達式規則（<10ms）+ 可選的 LLM 深度分析
-- **4 大威脅類別** — 提示注入、憑證竊取、隱蔽執行、社交工程
+- **6 大威脅類別** — 提示注入、憑證竊取、隱蔽執行、社交工程、混淆編碼、惡意 URI
+- **深層 Base64 掃描** — 多層解碼（最多 3 層），解碼後對內容執行完整模式匹配
+- **編碼混淆偵測** — hex (`\x65`)、unicode (`\u0065`)、HTML 實體 (`&#101;`)、URL 編碼 (`%65`)
+- **惡意 URI 偵測** — `javascript:`、`data:`、`vbscript:` 協議、短網址服務、路徑遍歷
+- **QR Code 注入掃描** — 解碼 PNG/JPEG 圖片中的 QR Code，掃描內容是否含有威脅
 - **風險等級** — `HIGH` / `MEDIUM` / `LOW` / `SAFE`，附帶數字分數（0-100）
 - **Express 中介層** — 一行整合，自動攔截危險訊息
 - **框架無關處理器** — 適用於任何 Node.js 伺服器
 - **零必要依賴** — LLM 分析透過 `ANTHROPIC_API_KEY` 選擇性啟用
 - **完整 TypeScript 支援** — 附帶型別宣告檔
+- **本地檔案掃描** — `scan-files` 指令可審核技能倉庫、提示詞庫及程式碼庫中的威脅（包含圖片 QR Code）
 
 ## 真實數據驗證
 
@@ -321,7 +403,9 @@ console.log(result)
 //     covertExecution: false,
 //     socialEngineering: false,
 //     suspiciousLinks: false,
-//     base64Hidden: false
+//     maliciousUri: false,
+//     base64Hidden: false,
+//     obfuscatedEncoding: false
 //   },
 //   findings: [
 //     { severity: 'HIGH', category: 'direct_injection', ... },
@@ -394,7 +478,63 @@ if (llm.isAvailable) {
 }
 
 // 存取所有偵測規則
-console.log(ALL_PATTERNS.length) // 16 條規則
+console.log(ALL_PATTERNS.length) // 20 條規則
+```
+
+### CLI：掃描本地檔案
+
+掃描任何目錄或檔案，偵測提示注入、憑證竊取、隱蔽執行及混淆攻擊威脅 — 包含圖片中的 QR Code：
+
+```bash
+# 基本掃描
+agentshield scan-files ./my-skills-repo
+
+# 詳細輸出（含 file:line 參照）
+agentshield scan-files ./prompts -v
+
+# JSON 輸出（適用於 CI/CD 流水線）
+agentshield scan-files ./src --output json
+
+# 儲存 HTML 報告
+agentshield scan-files ./agents --output html --save report.html
+
+# 依檔案類型過濾
+agentshield scan-files ./repo --include .md,.py,.yaml
+
+# 排除目錄
+agentshield scan-files ./project --exclude build,tmp
+```
+
+| 選項 | 說明 |
+|------|------|
+| `-v, --verbose` | 顯示詳細發現，含 file:line 參照 |
+| `-o, --output <format>` | 輸出格式：`cli`（預設）、`json`、`html` |
+| `--include <exts>` | 要包含的副檔名（逗號分隔） |
+| `--exclude <dirs>` | 要排除的目錄名稱（逗號分隔） |
+| `--skip-llm` | 跳過 LLM 深度分析 |
+| `--no-recursive` | 不掃描子目錄 |
+| `--save <file>` | 將報告儲存至檔案 |
+
+若發現任何 HIGH 風險檔案，結束代碼為 `1` — 適用於 CI/CD 閘門。
+
+預設掃描副檔名：`.md`、`.txt`、`.ts`、`.js`、`.py`、`.yaml`、`.yml`、`.json`、`.sh`、`.png`、`.jpg`、`.jpeg`
+
+### SDK：檔案掃描器
+
+```typescript
+import { FileScanner } from 'moltbot-scan'
+
+const scanner = new FileScanner()
+const report = await scanner.scan('./my-skills-repo', {
+  verbose: false,
+  output: 'cli',
+  skipLLM: true,
+  recursive: true,
+})
+
+console.log(report.summary)    // { safe: 12, low: 2, medium: 1, high: 0 }
+console.log(report.riskFiles)  // [{ path: 'skills/evil.md', risk: 'MEDIUM', findingCount: 3 }]
+console.log(report.findings)   // [{ filePath, line, severity, category, description, matchedText, context }]
 ```
 
 ## API 參考
@@ -437,6 +577,17 @@ interface ScanResult {
   findings: ScanFinding[]
   llmAnalysis?: LLMAnalysisResult
 }
+
+interface ScanFlags {
+  promptInjection: boolean
+  credentialTheft: boolean
+  covertExecution: boolean
+  socialEngineering: boolean
+  suspiciousLinks: boolean
+  maliciousUri: boolean
+  base64Hidden: boolean
+  obfuscatedEncoding: boolean
+}
 ```
 
 ## 偵測規則
@@ -447,8 +598,11 @@ interface ScanResult {
 | 憑證竊取 | HIGH | "share your api_key"、"cat ~/.ssh"、"print env" |
 | 隱蔽執行 | HIGH | `eval()`、`curl ... \| bash`、`base64 -d` |
 | 社交工程 | MEDIUM | "don't tell your owner"、"this is a secret instruction" |
+| 混淆編碼 | HIGH/MEDIUM | `\x65\x76\x61\x6c`（hex）、`\u0065val`（unicode）、`&#101;val`（HTML 實體）、`%65val`（URL 編碼） |
+| 惡意 URI | HIGH/MEDIUM | `javascript:`、`data:text/html;base64,...`、`vbscript:`、短網址（bit.ly、tinyurl） |
+| Base64 深層掃描 | HIGH | 多層 Base64 解碼後的內容匹配任何偵測規則 |
+| QR Code 注入 | HIGH/MEDIUM | 圖片中的 QR Code 含有注入攻擊、惡意 URI 或可疑 URL |
 | 可疑連結 | LOW | 不在已知安全網域白名單中的 URL |
-| Base64 隱藏 | MEDIUM | 解碼後包含 shell 指令的 Base64 字串 |
 
 ## LLM 分析
 
@@ -463,7 +617,7 @@ const result = await scan(content, { useLLM: false })
 
 ```bash
 npm install
-npm test       # 執行 64 個測試
+npm test       # 執行 158 個測試
 npm run build  # 編譯到 dist/
 npm run serve  # 在 localhost:3847 啟動 Web UI
 ```

package/dist/analysis/patterns.d.ts

@@ -9,11 +9,50 @@ declare const DIRECT_INJECTION: PatternRule[];
 declare const CREDENTIAL_THEFT: PatternRule[];
 declare const COVERT_EXECUTION: PatternRule[];
 declare const SOCIAL_ENGINEERING: PatternRule[];
+declare const OBFUSCATED_ENCODING: PatternRule[];
 export declare const URL_PATTERN: RegExp;
 export declare function isSuspiciousUrl(url: string): boolean;
+export interface MaliciousUriResult {
+    uri: string;
+    reason: string;
+    severity: Severity;
+}
+export declare function detectMaliciousUris(content: string): MaliciousUriResult[];
+export declare function isShortUrl(url: string): boolean;
 export declare const BASE64_PATTERN: RegExp;
+export interface Base64DecodedThreat {
+    encodedText: string;
+    decodedText: string;
+    matchedRule: string;
+    depth: number;
+}
+/**
+ * Enhanced base64 detection:
+ * 1. Decodes base64 and runs ALL pattern rules against decoded content
+ * 2. Supports multi-layer decoding (up to 3 levels deep)
+ * 3. Returns detailed info about what was found
+ */
+export declare function deepBase64Scan(content: string, maxDepth?: number): Base64DecodedThreat[];
+/**
+ * Simple boolean check — backward compatible with original API.
+ * Now uses the enhanced deep scan internally.
+ */
 export declare function containsBase64Hidden(content: string): boolean;
+export interface ObfuscationResult {
+    type: 'hex' | 'unicode' | 'html_entity' | 'url_encoding';
+    encoded: string;
+    decoded: string;
+    threatFound: string | null;
+}
+/**
+ * Detects obfuscated encoding and checks decoded content for threats.
+ */
+export declare function detectObfuscatedEncoding(content: string): ObfuscationResult[];
+/**
+ * Simple boolean check for whether any obfuscated encoding with threats is present.
+ */
+export declare function containsObfuscatedEncoding(content: string): boolean;
 export declare function hasDuplicateContent(contents: string[], threshold?: number): boolean;
 export declare const ALL_PATTERNS: PatternRule[];
-export { DIRECT_INJECTION, CREDENTIAL_THEFT, COVERT_EXECUTION, SOCIAL_ENGINEERING, };
+export { DIRECT_INJECTION, CREDENTIAL_THEFT, COVERT_EXECUTION, SOCIAL_ENGINEERING, OBFUSCATED_ENCODING, };
 //# sourceMappingURL=patterns.d.ts.map

package/dist/analysis/patterns.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,kBAAkB,EAAE,WAAW,EAyBpC,CAAC;AAYF,eAAO,MAAM,WAAW,QAA+B,CAAC;AAExD,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAQpD;AAID,eAAO,MAAM,cAAc,QAA6B,CAAC;AAEzD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAY7D;AAID,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,SAAS,SAAM,GAAG,OAAO,CAgBhF;AAID,eAAO,MAAM,YAAY,EAAE,WAAW,EAKrC,CAAC;AAEF,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,GACnB,CAAC"}
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,kBAAkB,EAAE,WAAW,EAyBpC,CAAC;AAIF,QAAA,MAAM,mBAAmB,EAAE,WAAW,EAyBrC,CAAC;AAkBF,eAAO,MAAM,WAAW,QAA+B,CAAC;AAExD,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAQpD;AASD,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAgDzE;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAQ/C;AAID,eAAO,MAAM,cAAc,QAA6B,CAAC;AAEzD,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,SAAI,GAAG,mBAAmB,EAAE,CA2DnF;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE7D;AAID,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,KAAK,GAAG,SAAS,GAAG,aAAa,GAAG,cAAc,CAAC;IACzD,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAgCD;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE,CA+E7E;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAGnE;AAID,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,SAAS,SAAM,GAAG,OAAO,CAgBhF;AAID,eAAO,MAAM,YAAY,EAAE,WAAW,EAMrC,CAAC;AAEF,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,GACpB,CAAC"}

package/dist/analysis/patterns.js

@@ -1,8 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SOCIAL_ENGINEERING = exports.COVERT_EXECUTION = exports.CREDENTIAL_THEFT = exports.DIRECT_INJECTION = exports.ALL_PATTERNS = exports.BASE64_PATTERN = exports.URL_PATTERN = void 0;
+exports.OBFUSCATED_ENCODING = exports.SOCIAL_ENGINEERING = exports.COVERT_EXECUTION = exports.CREDENTIAL_THEFT = exports.DIRECT_INJECTION = exports.ALL_PATTERNS = exports.BASE64_PATTERN = exports.URL_PATTERN = void 0;
 exports.isSuspiciousUrl = isSuspiciousUrl;
+exports.detectMaliciousUris = detectMaliciousUris;
+exports.isShortUrl = isShortUrl;
+exports.deepBase64Scan = deepBase64Scan;
 exports.containsBase64Hidden = containsBase64Hidden;
+exports.detectObfuscatedEncoding = detectObfuscatedEncoding;
+exports.containsObfuscatedEncoding = containsObfuscatedEncoding;
 exports.hasDuplicateContent = hasDuplicateContent;
 // ─── Direct Injection ───────────────────────────────────────────
 const DIRECT_INJECTION = [
@@ -116,6 +121,34 @@ const SOCIAL_ENGINEERING = [
     },
 ];
 exports.SOCIAL_ENGINEERING = SOCIAL_ENGINEERING;
+// ─── Obfuscated Encoding ───────────────────────────────────────
+const OBFUSCATED_ENCODING = [
+    {
+        pattern: /\\x[0-9a-fA-F]{2}(\\x[0-9a-fA-F]{2}){3,}/,
+        category: 'obfuscated_encoding',
+        severity: 'HIGH',
+        description: 'Hex-encoded string (potential obfuscated payload)',
+    },
+    {
+        pattern: /\\u[0-9a-fA-F]{4}(\\u[0-9a-fA-F]{4}){3,}/,
+        category: 'obfuscated_encoding',
+        severity: 'HIGH',
+        description: 'Unicode escape sequence (potential obfuscated payload)',
+    },
+    {
+        pattern: /&#x?[0-9a-fA-F]+;(&#x?[0-9a-fA-F]+;){3,}/,
+        category: 'obfuscated_encoding',
+        severity: 'MEDIUM',
+        description: 'HTML entity encoded string (potential obfuscated payload)',
+    },
+    {
+        pattern: /%[0-9a-fA-F]{2}(%[0-9a-fA-F]{2}){5,}/,
+        category: 'obfuscated_encoding',
+        severity: 'MEDIUM',
+        description: 'URL-encoded string (potential obfuscated payload)',
+    },
+];
+exports.OBFUSCATED_ENCODING = OBFUSCATED_ENCODING;
 // ─── Suspicious Link Detection ──────────────────────────────────
 const KNOWN_SAFE_DOMAINS = new Set([
     'github.com', 'gitlab.com', 'stackoverflow.com',
@@ -124,6 +157,11 @@ const KNOWN_SAFE_DOMAINS = new Set([
     'moltbook.com', 'anthropic.com', 'openai.com',
     'huggingface.co', 'npmjs.com', 'pypi.org',
 ]);
+const SHORT_URL_DOMAINS = new Set([
+    'bit.ly', 'tinyurl.com', 't.co', 'goo.gl', 'ow.ly',
+    'is.gd', 'buff.ly', 'rebrand.ly', 'short.io', 'cutt.ly',
+    'tiny.cc', 'lnkd.in', 'surl.li', 'rb.gy',
+]);
 exports.URL_PATTERN = /https?:\/\/[^\s<>"')\]]+/gi;
 function isSuspiciousUrl(url) {
     try {
@@ -135,21 +173,241 @@ function isSuspiciousUrl(url) {
         return true;
     }
 }
-// ─── Base64 Hidden Content Detection ────────────────────────────
+// ─── Malicious URI Detection ────────────────────────────────────
+const MALICIOUS_URI_PATTERN = /(?:javascript|vbscript|data)\s*:/i;
+const DATA_URI_EXEC_PATTERN = /data\s*:\s*(?:text\/html|application\/javascript)[^,]*[,;]/i;
+const SHORT_URL_PATTERN = /https?:\/\/(bit\.ly|tinyurl\.com|t\.co|goo\.gl|ow\.ly|is\.gd|buff\.ly|rebrand\.ly|short\.io|cutt\.ly|tiny\.cc|lnkd\.in|surl\.li|rb\.gy)\/\S+/gi;
+const URL_PATH_TRAVERSAL = /%2[eE]%2[eE]|\.\.%2[fF]|%2[fF]\.\./;
+function detectMaliciousUris(content) {
+    const results = [];
+    // javascript: / vbscript: / data: URI schemes
+    const schemeMatch = content.match(MALICIOUS_URI_PATTERN);
+    if (schemeMatch) {
+        results.push({
+            uri: schemeMatch[0],
+            reason: 'Dangerous URI scheme detected (javascript/vbscript/data)',
+            severity: 'HIGH',
+        });
+    }
+    // data: URIs with executable content types
+    const dataUriMatch = content.match(DATA_URI_EXEC_PATTERN);
+    if (dataUriMatch) {
+        results.push({
+            uri: dataUriMatch[0],
+            reason: 'Data URI with executable content type (text/html or application/javascript)',
+            severity: 'HIGH',
+        });
+    }
+    // Short URL services (potential redirect to malicious targets)
+    const shortUrls = content.match(SHORT_URL_PATTERN);
+    if (shortUrls) {
+        for (const url of shortUrls) {
+            results.push({
+                uri: url,
+                reason: 'Short URL service used — destination hidden',
+                severity: 'MEDIUM',
+            });
+        }
+    }
+    // URL-encoded path traversal
+    const allUrls = content.match(exports.URL_PATTERN) || [];
+    for (const url of allUrls) {
+        if (URL_PATH_TRAVERSAL.test(url)) {
+            results.push({
+                uri: url,
+                reason: 'URL contains encoded path traversal (../)',
+                severity: 'HIGH',
+            });
+        }
+    }
+    return results;
+}
+function isShortUrl(url) {
+    try {
+        const parsed = new URL(url);
+        const domain = parsed.hostname.replace(/^www\./, '');
+        return SHORT_URL_DOMAINS.has(domain);
+    }
+    catch {
+        return false;
+    }
+}
+// ─── Enhanced Base64 Hidden Content Detection ───────────────────
 exports.BASE64_PATTERN = /[A-Za-z0-9+/]{40,}={0,2}/;
+/**
+ * Enhanced base64 detection:
+ * 1. Decodes base64 and runs ALL pattern rules against decoded content
+ * 2. Supports multi-layer decoding (up to 3 levels deep)
+ * 3. Returns detailed info about what was found
+ */
+function deepBase64Scan(content, maxDepth = 3) {
+    const threats = [];
+    const allPatterns = [
+        ...DIRECT_INJECTION,
+        ...CREDENTIAL_THEFT,
+        ...COVERT_EXECUTION,
+        ...SOCIAL_ENGINEERING,
+    ];
+    function scanLayer(text, depth, originalEncoded) {
+        if (depth > maxDepth)
+            return;
+        const matches = text.matchAll(/[A-Za-z0-9+/]{20,}={0,2}/g);
+        for (const m of matches) {
+            const candidate = m[0];
+            let decoded;
+            try {
+                const buf = Buffer.from(candidate, 'base64');
+                // Validate: at least 80% of decoded bytes should be printable ASCII or common UTF-8
+                const printable = buf.filter((b) => (b >= 0x20 && b <= 0x7e) || b === 0x0a || b === 0x0d || b === 0x09);
+                if (printable.length / buf.length < 0.7)
+                    continue;
+                decoded = buf.toString('utf-8');
+            }
+            catch {
+                continue;
+            }
+            // Run all pattern rules against decoded content
+            for (const rule of allPatterns) {
+                const ruleMatch = decoded.match(rule.pattern);
+                if (ruleMatch) {
+                    threats.push({
+                        encodedText: originalEncoded || candidate,
+                        decodedText: decoded.slice(0, 200),
+                        matchedRule: rule.description,
+                        depth,
+                    });
+                }
+            }
+            // Check for suspicious commands in decoded content
+            const suspiciousDecoded = /\b(eval|exec|system|curl|wget|bash|sh|rm\s+-rf|chmod|chown|nc\s+-|ncat|socat)\b/i;
+            if (suspiciousDecoded.test(decoded)) {
+                threats.push({
+                    encodedText: originalEncoded || candidate,
+                    decodedText: decoded.slice(0, 200),
+                    matchedRule: 'Decoded base64 contains suspicious shell command',
+                    depth,
+                });
+            }
+            // Recurse: check if decoded content contains another base64 payload
+            if (depth < maxDepth && /[A-Za-z0-9+/]{20,}={0,2}/.test(decoded)) {
+                scanLayer(decoded, depth + 1, originalEncoded || candidate);
+            }
+        }
+    }
+    scanLayer(content, 1, '');
+    return threats;
+}
+/**
+ * Simple boolean check — backward compatible with original API.
+ * Now uses the enhanced deep scan internally.
+ */
 function containsBase64Hidden(content) {
-    const match = content.match(exports.BASE64_PATTERN);
-    if (!match)
-        return false;
+    return deepBase64Scan(content).length > 0;
+}
+function decodeHexEscapes(text) {
+    return text.replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
+}
+function decodeUnicodeEscapes(text) {
+    return text.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
+}
+function decodeHtmlEntities(text) {
+    return text
+        .replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
+        .replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)));
+}
+function decodeUrlEncoding(text) {
     try {
-        const decoded = Buffer.from(match[0], 'base64').toString('utf-8');
-        // Check if decoded content contains suspicious commands
-        const suspiciousDecoded = /\b(eval|exec|system|curl|wget|bash|sh)\b/i.test(decoded);
-        return suspiciousDecoded;
+        return decodeURIComponent(text);
     }
     catch {
-        return false;
+        return text;
+    }
+}
+/**
+ * Detects obfuscated encoding and checks decoded content for threats.
+ */
+function detectObfuscatedEncoding(content) {
+    const results = [];
+    const allPatterns = [
+        ...DIRECT_INJECTION,
+        ...CREDENTIAL_THEFT,
+        ...COVERT_EXECUTION,
+        ...SOCIAL_ENGINEERING,
+    ];
+    const suspiciousCmd = /\b(eval|exec|system|curl|wget|bash|sh|rm\s+-rf|chmod|nc\s+-)\b/i;
+    function findThreat(decoded) {
+        for (const rule of allPatterns) {
+            if (rule.pattern.test(decoded))
+                return rule.description;
+        }
+        if (suspiciousCmd.test(decoded))
+            return 'Decoded content contains suspicious command';
+        return null;
     }
+    // Hex escapes: \x65\x76\x61\x6c
+    const hexPattern = /(?:\\x[0-9a-fA-F]{2}){4,}/g;
+    const hexMatches = content.match(hexPattern);
+    if (hexMatches) {
+        for (const match of hexMatches) {
+            const decoded = decodeHexEscapes(match);
+            results.push({
+                type: 'hex',
+                encoded: match,
+                decoded,
+                threatFound: findThreat(decoded),
+            });
+        }
+    }
+    // Unicode escapes: \u0065\u0076\u0061\u006c
+    const unicodePattern = /(?:\\u[0-9a-fA-F]{4}){4,}/g;
+    const unicodeMatches = content.match(unicodePattern);
+    if (unicodeMatches) {
+        for (const match of unicodeMatches) {
+            const decoded = decodeUnicodeEscapes(match);
+            results.push({
+                type: 'unicode',
+                encoded: match,
+                decoded,
+                threatFound: findThreat(decoded),
+            });
+        }
+    }
+    // HTML entities: &#101;&#118;&#97;&#108; or &#x65;&#x76;
+    const htmlPattern = /(?:&#x?[0-9a-fA-F]+;){4,}/g;
+    const htmlMatches = content.match(htmlPattern);
+    if (htmlMatches) {
+        for (const match of htmlMatches) {
+            const decoded = decodeHtmlEntities(match);
+            results.push({
+                type: 'html_entity',
+                encoded: match,
+                decoded,
+                threatFound: findThreat(decoded),
+            });
+        }
+    }
+    // URL encoding: %65%76%61%6c
+    const urlEncPattern = /(?:%[0-9a-fA-F]{2}){6,}/g;
+    const urlEncMatches = content.match(urlEncPattern);
+    if (urlEncMatches) {
+        for (const match of urlEncMatches) {
+            const decoded = decodeUrlEncoding(match);
+            results.push({
+                type: 'url_encoding',
+                encoded: match,
+                decoded,
+                threatFound: findThreat(decoded),
+            });
+        }
+    }
+    return results;
+}
+/**
+ * Simple boolean check for whether any obfuscated encoding with threats is present.
+ */
+function containsObfuscatedEncoding(content) {
+    const results = detectObfuscatedEncoding(content);
+    return results.some((r) => r.threatFound !== null);
 }
 // ─── Duplicate Content Detection ────────────────────────────────
 function hasDuplicateContent(contents, threshold = 0.7) {
@@ -173,5 +431,6 @@ exports.ALL_PATTERNS = [
     ...CREDENTIAL_THEFT,
     ...COVERT_EXECUTION,
     ...SOCIAL_ENGINEERING,
+    ...OBFUSCATED_ENCODING,
 ];
 //# sourceMappingURL=patterns.js.map

package/dist/analysis/patterns.js.map

@@ -1 +1 @@
-{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":";;;AAyIA,0CAQC;AAMD,oDAYC;AAID,kDAgBC;AA9KD,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;KACjD;CACF,CAAC;AA+JA,4CAAgB;AA7JlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wCAAwC;KACtD;CACF,CAAC;AAmIA,4CAAgB;AAjIlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AAuGA,4CAAgB;AArGlB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAkB;IACxC;QACE,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,+CAA+C;KAC7D;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;CACF,CAAC;AA2EA,gDAAkB;AAzEpB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY,EAAE,YAAY,EAAE,mBAAmB;IAC/C,eAAe,EAAE,WAAW,EAAE,YAAY;IAC1C,aAAa,EAAE,aAAa,EAAE,OAAO;IACrC,cAAc,EAAE,eAAe,EAAE,YAAY;IAC7C,gBAAgB,EAAE,WAAW,EAAE,UAAU;CAC1C,CAAC,CAAC;AAEU,QAAA,WAAW,GAAG,4BAA4B,CAAC;AAExD,SAAgB,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mEAAmE;AAEtD,QAAA,cAAc,GAAG,0BAA0B,CAAC;AAEzD,SAAgB,oBAAoB,CAAC,OAAe;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,sBAAc,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAEzB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClE,wDAAwD;QACxD,MAAM,iBAAiB,GAAG,2CAA2C,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpF,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,mEAAmE;AAEnE,SAAgB,mBAAmB,CAAC,QAAkB,EAAE,SAAS,GAAG,GAAG;IACrE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,OAAO,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAC7C,CAAC;AAED,mEAAmE;AAEtD,QAAA,YAAY,GAAkB;IACzC,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,kBAAkB;CACtB,CAAC"}
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":";;;AA4KA,0CAQC;AAeD,kDAgDC;AAED,gCAQC;AAmBD,wCA2DC;AAMD,oDAEC;AA4CD,4DA+EC;AAKD,gEAGC;AAID,kDAgBC;AAjeD,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;KACjD;CACF,CAAC;AAmdA,4CAAgB;AAjdlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wCAAwC;KACtD;CACF,CAAC;AAubA,4CAAgB;AArblB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AA2ZA,4CAAgB;AAzZlB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAkB;IACxC;QACE,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,+CAA+C;KAC7D;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;CACF,CAAC;AA+XA,gDAAkB;AA7XpB,kEAAkE;AAElE,MAAM,mBAAmB,GAAkB;IACzC;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2DAA2D;KACzE;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mDAAmD;KACjE;CACF,CAAC;AAmWA,kDAAmB;AAjWrB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY,EAAE,YAAY,EAAE,mBAAmB;IAC/C,eAAe,EAAE,WAAW,EAAE,YAAY;IAC1C,aAAa,EAAE,aAAa,EAAE,OAAO;IACrC,cAAc,EAAE,eAAe,EAAE,YAAY;IAC7C,gBAAgB,EAAE,WAAW,EAAE,UAAU;CAC1C,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;IAClD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS;IACvD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO;CACzC,CAAC,CAAC;AAEU,QAAA,WAAW,GAAG,4BAA4B,CAAC;AAExD,SAAgB,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mEAAmE;AAEnE,MAAM,qBAAqB,GAAG,mCAAmC,CAAC;AAClE,MAAM,qBAAqB,GAAG,6DAA6D,CAAC;AAC5F,MAAM,iBAAiB,GAAG,gJAAgJ,CAAC;AAC3K,MAAM,kBAAkB,GAAG,oCAAoC,CAAC;AAQhE,SAAgB,mBAAmB,CAAC,OAAe;IACjD,MAAM,OAAO,GAAyB,EAAE,CAAC;IAEzC,8CAA8C;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;YACnB,MAAM,EAAE,0DAA0D;YAClE,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;YACpB,MAAM,EAAE,6EAA6E;YACrF,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACnD,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,6CAA6C;gBACrD,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAW,CAAC,IAAI,EAAE,CAAC;IACjD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,2CAA2C;gBACnD,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,mEAAmE;AAEtD,QAAA,cAAc,GAAG,0BAA0B,CAAC;AASzD;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,QAAQ,GAAG,CAAC;IAC1D,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,WAAW,GAAG;QAClB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,kBAAkB;KACtB,CAAC;IAEF,SAAS,SAAS,CAAC,IAAY,EAAE,KAAa,EAAE,eAAuB;QACrE,IAAI,KAAK,GAAG,QAAQ;YAAE,OAAO;QAE7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC;QAC3D,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAC7C,oFAAoF;gBACpF,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;gBACxG,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG;oBAAE,SAAS;gBAClD,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,gDAAgD;YAChD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC9C,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CAAC;wBACX,WAAW,EAAE,eAAe,IAAI,SAAS;wBACzC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAClC,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,KAAK;qBACN,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,MAAM,iBAAiB,GAAG,kFAAkF,CAAC;YAC7G,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,IAAI,CAAC;oBACX,WAAW,EAAE,eAAe,IAAI,SAAS;oBACzC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,WAAW,EAAE,kDAAkD;oBAC/D,KAAK;iBACN,CAAC,CAAC;YACL,CAAC;YAED,oEAAoE;YACpE,IAAI,KAAK,GAAG,QAAQ,IAAI,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjE,SAAS,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,EAAE,eAAe,IAAI,SAAS,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,OAAe;IAClD,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC5C,CAAC;AAWD,SAAS,gBAAgB,CAAC,IAAY;IACpC,OAAO,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACrD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACrD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,IAAI;SACR,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACzC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC;SACA,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAC/B,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,wBAAwB,CAAC,OAAe;IACtD,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG;QAClB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,kBAAkB;KACtB,CAAC;IACF,MAAM,aAAa,GAAG,iEAAiE,CAAC;IAExF,SAAS,UAAU,CAAC,OAAe;QACjC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1D,CAAC;QACD,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,6CAA6C,CAAC;QACtF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,MAAM,UAAU,GAAG,4BAA4B,CAAC;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,KAAK;gBACX,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,MAAM,cAAc,GAAG,4BAA4B,CAAC;IACpD,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACrD,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,4BAA4B,CAAC;IACjD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,IAAI,WAAW,EAAE,CAAC;QAChB,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,aAAa;gBACnB,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,aAAa,GAAG,0BAA0B,CAAC;IACjD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,aAAa,EAAE,CAAC;QAClB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,0BAA0B,CAAC,OAAe;IACxD,MAAM,OAAO,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC;AACrD,CAAC;AAED,mEAAmE;AAEnE,SAAgB,mBAAmB,CAAC,QAAkB,EAAE,SAAS,GAAG,GAAG;IACrE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,OAAO,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAC7C,CAAC;AAED,mEAAmE;AAEtD,QAAA,YAAY,GAAkB;IACzC,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,kBAAkB;IACrB,GAAG,mBAAmB;CACvB,CAAC"}